/scytale-desktop-app

A secure chat app built on Electron, Socket.IO and Heroku

Primary language: JavaScript. License: Apache-2.0.

Scytale desktop clients

Scytale is a simple P2P chat application that focuses on security, simplicity and e2e user ownership. It is not intended to replace the existing, popular messaging applications. It targets users who want a secure, dependency-free and fully owned application with a simple interface for exchanging snap messages.

The client application requires a backend service for exchanging ICE information. It is advised to create your own server on Heroku, since the default one is for demo purposes only and is not maintained.

Security

  • Keys are generated using ECDH (prime256v1).
  • E2E encryption is performed by SHA256 (aes-256-cbc).
  • The shared secret is calculated like:
    const sharedSecret = ecdh.computeSecret(remoteUser.publicKey, 'hex', 'hex').substring(0,32)
  • A SHA256 hash of the original message is sent together with the encrypted message.

Check safecurves
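
The key derivation and integrity points listed above, as an added example that is not Scytale's own code: it reproduces the README's shared-secret line next to one alternative (HKDF-SHA256 over the full secret, and AES-256-GCM in place of CBC plus a separate message hash). The function names and the `example-chat-key` info label are assumptions, and `crypto.hkdfSync` needs Node 15 or later.

```javascript
// Added example, not Scytale's code. All function names here are hypothetical.
const crypto = require('crypto');

// Each peer generates a prime256v1 key pair, as the README describes.
function newPeer() {
  const ecdh = crypto.createECDH('prime256v1');
  return { ecdh, publicKey: ecdh.generateKeys('hex') };
}

// README derivation: the first 32 hex characters of the shared secret.
// 32 hex characters = 16 bytes, so this keeps 128 bits of the 256-bit secret.
function deriveReadmeKey(local, remotePublicKey) {
  return local.ecdh.computeSecret(remotePublicKey, 'hex', 'hex').substring(0, 32);
}

// Alternative: run the full 32-byte secret through HKDF-SHA256 to get a
// uniformly distributed 32-byte key. The info label is an assumed value.
function deriveHkdfKey(local, remotePublicKey, info = 'example-chat-key') {
  const secret = local.ecdh.computeSecret(remotePublicKey, 'hex');
  return Buffer.from(crypto.hkdfSync('sha256', secret, Buffer.alloc(0), info, 32));
}

// AES-256-GCM with a fresh 12-byte IV per message. The authentication tag
// covers the ciphertext, so no separate hash of the plaintext is sent.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypts and verifies; final() throws if the ciphertext or tag was modified.
function unseal(key, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}
```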

Dev

Clone the backend service and start it locally.

# Install dependencies
npm install
# Run the app in dev mode
npm run electron-dev

Open your browser and point two tabs to http://localhost:3000. Pick a random string for the chatroom and connect both clients. :)

Unit Test

npm test -- --watchAll

E2E Test

npm run test:e2e